Traditional approaches for protecting data use a combination of passwords and/or encryption algorithms. These techniques yield several limitations which increase overall risk to data owners. One of these limitations is that data owners cannot enforce data access requirements based on the context with which data is being accessed, such as, but not limited to where the data is being accessed, on what system the data is being accessed and what controls exists on that system to protect that data access. Another limitation is that password and/or encryption keys may be easily guessed or stolen by malicious hackers if the selected password or encryption key is weak.
A further limitation relates to the management of copied information. For example, when the owner of sensitive information (“Data Owner” or DO) shares that information with a primary business or person (“Primary Data Accessor” or DAP) a copy of that data is created and given to the DAP. If the DAP does not maintain sufficient risk mitigating controls on that information copy, the DO and DAp are exposed to risks such as, but not limited to, data breach, data loss or identity theft. The DAP may be further exposed to fines or penalties from federal regulations (e.g., HIPAA, HITECH, etc.), standards or state laws. If the DAP shares that information copy with another data accessor or a series of data accessors, such as internal employees, vendors or contractors (“Extended Data Accessor” or DAE) and sufficient risk mitigating controls are not maintained by the DAE further exposure to risk is created.
The following are some example data breaches. In 2006, the US Department of Veterans Affairs (DAP) lost the personal information of up to 26.5 million veterans (DO). In this case, an employee (DAE) took home unencrypted electronic data containing the personal information which was later stolen from the home of that employee. In another case, in 2007, a reported 94 million credit card accounts (DO) were lost by TJX Cos (DAP). The data loss was believed to be due to a hacker attack.
In sum, once the DO has shared sensitive information with a DAP or DAE they have limited to no physical/technical control regarding when, where, how and by who that data is accessed. The techniques described below address these limitations and shortcomings.